Privacy Policy
Last updated: 29 April 2026
This Privacy Policy explains how Conimex IT d.o.o. ("Conimex IT", "we", "us") handles personal data collected through the website www.conimext.co.rs.
We have built this website to be as privacy-respecting as we can reasonably make it: no tracking cookies, no analytics, no advertising pixels, no newsletter list, no CRM. The only personal data we collect is what you choose to send us through the contact form.
1. Who we are (Data Controller)
Conimex IT d.o.o. Zemunska 161f, 11277 Belgrade, Serbia Registration number (matični broj): 07541287 Tax ID (PIB): 100013454 Email: [email protected]
For any privacy-related question or request, contact us at the email address above.
2. What data we collect
We collect personal data only when you fill in the contact form. The form asks for:
- Name
- Email address
- The message you choose to write
We do not ask for, and we do not require, any other personal information.
We do not use:
- Tracking cookies, advertising cookies, or analytics cookies
- Google Analytics, Plausible, Matomo, or any other analytics tool
- Pixels or trackers from social networks or ad networks
- Email newsletter subscriptions or marketing automation
- A customer relationship management (CRM) system
The only cookies the site may set are strictly technical ones required to deliver the page (for example, Cloudflare's security cookies that protect against bots and DDoS attacks). These do not identify you and are not used for tracking.
3. Why we process this data and on what legal basis
We process the name, email, and message you submit through the contact form for one purpose only: to read your message and reply to it.
The legal basis for this processing is:
- Your consent (Art. 6(1)(a) GDPR / Art. 12(1)(1) Serbian Law on Personal Data Protection — ZZPL), given when you submit the form, and
- Our legitimate interest in answering business inquiries directed to us (Art. 6(1)(f) GDPR / Art. 12(1)(6) ZZPL).
You can withdraw your consent at any time by emailing us. Withdrawal does not affect the lawfulness of processing before withdrawal.
4. Who has access to the data
Inside our company, only the person handling the inquiry sees your message. We do not share contact-form data with third parties for marketing, profiling, or any commercial purpose.
We use the following service providers ("processors") that, by the nature of operating the service, may technically have access to data in transit or at rest:
| Provider | Role | Where |
|---|---|---|
| Cloudflare, Inc. | CDN, DDoS protection, edge proxy | Global edge network |
| Laravel Forge (Beyond Code GmbH) | Server provisioning and deployment management | EU |
| Conimex IT (own infrastructure) | Origin server hosting the website | Belgrade, Serbia |
| Google LLC (Google Workspace) | Email delivery and storage for [email protected] | Global Google infrastructure (incl. US) |
Each of these providers is contractually bound to process data only in accordance with our instructions and to provide adequate technical and organizational security.
5. International data transfers
The website itself is served from servers located in Serbia and from Cloudflare's global edge.
When you contact us, your message is delivered to our Google Workspace mailbox. Google may process this data in the United States and in other countries where it operates infrastructure. Google LLC is certified under the EU–U.S. Data Privacy Framework, which the European Commission has recognized as providing an adequate level of protection. Where required, transfers are additionally covered by the Standard Contractual Clauses approved by the European Commission.
If you would prefer not to have your message processed via Google Workspace, please do not use the contact form — write to us at [email protected] only after considering this notice, or reach us by post at the address above.
6. How long we keep the data
We retain contact-form correspondence for as long as it is necessary to:
- handle your inquiry and any follow-up communication;
- maintain a record of business relationships, including past, ongoing, and prospective ones;
- comply with our legal obligations under Serbian law (in particular tax, accounting, and statute-of-limitations rules, which can require business correspondence to be retained for up to 10 years); and
- defend or establish legal claims where applicable.
In practice, this means we generally do not proactively delete emails received through the contact form. We do, however, honor every deletion request you make under Section 8 below, except where a specific legal obligation requires us to retain a particular message.
If you would like your message and any related correspondence deleted, email us at [email protected] and we will action the request within 30 days.
7. How we protect the data
The website is served exclusively over HTTPS (TLS), with HSTS preload enabled. We apply standard security headers (Content Security Policy, Referrer-Policy, Permissions-Policy, X-Frame-Options, X-Content-Type-Options).
Server logs may include your IP address and the time of your request, kept short-term for security and abuse-prevention purposes only and not connected to contact-form submissions.
No security measure is perfect; if you become aware of a security issue, please report it to [email protected].
8. Your rights
Under the EU General Data Protection Regulation (GDPR) and the Serbian Law on Personal Data Protection (ZZPL), you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict how we process your data
- Object to processing based on legitimate interest
- Data portability — receive a copy of your data in a structured, machine-readable format
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email [email protected]. We respond within 30 days.
If you are based in Serbia, the supervisory authority is: Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti) Bulevar kralja Aleksandra 15, 11000 Belgrade · www.poverenik.rs
If you are based in the EU/EEA, you may lodge a complaint with the data protection authority of your country of residence.
9. Children
The website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has sent us their data via the contact form, email us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy when our practices change or when the law requires it. The "Last updated" date at the top reflects the latest version. Material changes will be highlighted on this page.
11. Contact
Questions about this Privacy Policy or about how your data is handled? Email: [email protected] Post: Conimex IT d.o.o., Zemunska 161f, 11277 Belgrade, Serbia